ci(release): build macOS CLI with static bundled-z3 via zig#7
Merged
Conversation
The macOS release CLI dynamically linked Homebrew's libz3.4.15.dylib (Z3_SYS_Z3_HEADER=/opt/homebrew/include/z3.h), so it failed at startup on a clean Mac with no brew z3 (dyld: Library not loaded). Mirror the Linux job instead: build z3 from source and statically link it via --features bundled-z3, using zig as the C/C++ compiler so the vendored z3 compiles regardless of the runner's Apple clang version. zig only compiles z3 (built static); the final binary is linked by the default system linker (ld64) because zig cannot link a macOS executable. -fno-sanitize=all disables zig cc's default UBSan instrumentation, whose __ubsan_handle_* symbols are otherwise unresolved at the system-link step. Verified locally with zig 0.14.1 (the pinned CI version): otool -L on the resulting binary shows only system libraries (libc++, libSystem, libiconv, Security/CoreFoundation) -- no z3/Homebrew/opt -- and the binary runs (openshell --version -> 0.6.3).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
The macOS release
openshellCLI dynamically linked Homebrew'slibz3.4.15.dylib(built withZ3_SYS_Z3_HEADER=/opt/homebrew/include/z3.h), so on a clean Mac with no brew z3 it failed at startup withdyld: Library not loaded: libz3.4.15.dylib. This makes the macOSbundled-z3path match the Linux job: build z3 from source and statically link it, so the released binary is self-contained.Related Issue
Fork-local CI fix; tracked downstream as openlock
openlock-pvq(macOS mirror of the Linuxopenlock-1o3static-z3 fix). No upstream NVIDIA issue.Changes
.github/workflows/openlock-release.yml,build-macosjob only:brew install protobuf z3→brew install protobuf(no system z3 needed)Set up zig(0.14.1) +Configure zig C/C++ wrapperssteps, mirroring the Linux jobBuild openshell CLI: dropZ3_SYS_Z3_HEADER, add--features bundled-z3, pointCC/CXX/CC_<triple>/CXX_<triple>at the zig wrappers, setCXXSTDLIB=c++,MACOSX_DEPLOYMENT_TARGET=11.0, andREAD_ONLY_GITHUB_TOKENzig is used only as the compiler (z3 builds static); the final binary is linked by the default system linker (ld64) — zig cannot link a macOS executable.
-fno-sanitize=alldisables zig cc's default UBSan instrumentation whose__ubsan_handle_*symbols are otherwise unresolved at the system-link step.Testing
Reproduced the exact recipe locally on macOS with zig 0.14.1 (the pinned CI version),
cargo build --release --target aarch64-apple-darwin -p openshell-cli --features bundled-z3:otool -Lon the resulting binary → only system libraries (libc++,libSystem,libiconv, Security/CoreFoundation) — no z3 / Homebrew / /optopenshell --version→openshell 0.6.3(rc=0); a clean load proves z3 is statically resolvedFinal verification is the release run itself + a clean-Mac smoke (openlock side).
Checklist